# networking

# IP addresses

  • ipv4 = 32 bit
  • ipv6 = 128 bit

# DHCP (dynamic host configuration protocol)

Protocol that provides quick, automatic, and central management for the distribution of IP addresses within a network.

# ARP (address resolution protocol)

Resolves the MAC (Media Access Control) hardware address from an IP logical address. A MAC is 48 bits, written as 6 groups of 2 hex digits separated by colons.

# NAT (network address translation)

The process of mapping a private IP address to a public IP address that can be routed to on the internet. In addition to providing a consistent routing scheme for private networks, NAT also helps delay the exhaustion of IPv4 addresses. Port Address Translation is the most common form of NAT in use.

# SNAT

Modifies source, preserves destination. Allows private hosts to initiate connections to the internet.

# DNAT

Modifies destination, preserves source. Allows public hosts to connect to private network. AKA port forwarding.

# private IP ranges

10.0.0.0 – 10.255.255.255 (Class A)
172.16.0.0 – 172.31.255.255 (Class B)
192.168.0.0 – 192.168.255.255 (Class C)
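To make the SNAT/PAT and DNAT behaviour concrete, here is an added example (not part of the original notes): a toy NAT gateway in Python that rewrites outbound private sources to one public address with a per-connection public port, translates replies back using that state, and port-forwards explicitly configured inbound ports. The RFC 1918 check uses the three ranges listed above; the public and remote addresses are constructed documentation addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three private ranges listed above (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in one of the private IPv4 ranges (not routable on the internet)."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    """Toy NAT box (constructed for illustration): one public IP shared by many private hosts."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.snat = {}       # (private src, sport, dst, dport) -> public port
        self.snat_rev = {}   # (public port, remote dst, remote dport) -> (private src, sport)
        self.dnat = {}       # public port -> (private host, private port)

    def add_port_forward(self, public_port: int, host: str, port: int) -> None:
        """DNAT / port forwarding: expose one private service on a public port."""
        self.dnat[public_port] = (host, port)

    def outbound(self, pkt: Packet) -> Packet:
        """SNAT with PAT: rewrite the source, keep the destination, remember the mapping."""
        if not is_rfc1918(pkt.src):
            raise ValueError("only private sources are translated: %s" % pkt.src)
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.snat:
            port = self.next_port
            self.next_port += 1
            self.snat[key] = port
            self.snat_rev[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, self.snat[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving on the public side, or return None if it is dropped."""
        if pkt.dst != self.public_ip:
            return None
        # Replies are matched on the remote address and port too, so a packet from a
        # different host aimed at an in-use public port does not reach the private host.
        reply = self.snat_rev.get((pkt.dport, pkt.src, pkt.sport))
        if reply is not None:  # reply to a connection a private host started
            src, sport = reply
            return Packet(pkt.src, pkt.sport, src, sport)
        if pkt.dport in self.dnat:  # explicitly forwarded port
            host, port = self.dnat[pkt.dport]
            return Packet(pkt.src, pkt.sport, host, port)
        return None  # no state and no forward: the gateway has nowhere to send it
```

An unsolicited inbound packet is dropped here only because no translation state exists for it; that is a side effect of address sharing, not a filtering policy, so hosts behind NAT still need an explicit firewall rule set.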

# OSI model

  1. Physical Layer - hardware and its specs e.g. wireless frequencies
  2. Data Link - node to node transfer between connected devices e.g. ethernet software on switches
  3. Network - standards for data transfer and routing on a multi device network e.g. IP
  4. Transport - enable reliable end to end data transfer over a network e.g. TCP, UDP
  5. Session - managing dialogue sessions between computers e.g. RPC calls
  6. Presentation - transferred data is in correct format e.g. compression and/or encryption
  7. Application - implementations of protocols for communication e.g. SMTP, HTTP, FTP

# network transmission

# unicast

  • one-to-one
  • most common
  • supports TCP
  • many-to-many possible via switches

# broadcast

  • one-to-all
  • messages sent to all connected devices
  • used by ARP
  • uses broadcast address 255.255.255.255
  • switches forward broadcast messages
  • routers drop broadcast messages
  • replaced in IPv6 by multicast

# multicast

  • one-to-many or many-to-many
  • requires multicast groups to receive data
  • implements IGMP protocol
  • routers and switches forward messages
  • uses UDP

# routing

# static routing

  • static routing is when routes are manually configured by a user or administrator
  • used in small networks
  • greater security
  • less fault tolerance
  • default route: route used when no other route is available for the destination
  • stub network: all local traffic routed through single path

# dynamic routing

  • dynamic routing uses protocols to discover routes on a network and choose the best route
  • requires initial configuration
  • does not need reconfiguring when the network topology changes
  • routers share information
  • increases cpu and memory on routers
  • less secure (routing data is exchanged between routers)

# route tables

  • routing tables contain entries that the host or network device uses to make routing decisions
  • see: cat /etc/iproute2/rt_tables and ip route show table 255
  • main table (254) contains the default route (usually the network gateway)

# routing protocols

Routing protocols are used to automatically discover available routes on a network and determine the best routes for network traffic to take.

# IGP (interior gateway protocol)

  • used to transmit routing information between devices within a network (or set of networks)
  • IGP includes Distance-Vector and Link State protocols
  • Neighbouring router: routers sharing a data link

# Distance-Vector

  • used by routers to share route tables with connected routers, including hop count (Bellman-Ford)
  • includes RIPv1/v2 (routing information protocol): broadcasts to neighbours every 30s, max distance is 15 hops
  • RIPv2 supports authentication, multicast and CIDR
  • IGRP (interior gateway routing protocol): Cisco only, uses bandwidth and delay metrics, route poisoning, max hops is 255
  • EIGRP (enhanced IGRP): CIDR, auth, multicast

# Link State

  • routers send updates to the entire network about their neighbours
  • each router maintains a complete network map
  • updates only sent when topology changes
  • IS-IS (intermediate system to intermediate system): routes chosen using Dijkstra shortest path, uses areas
  • OSPF (open shortest path first): uses Dijkstra, similar to IS-IS but with more areas, de facto standard
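The two IGP families, as an added example that is not from the original notes: a distance-vector exchange in the Bellman-Ford style where each router only sees what its neighbours advertise (with RIP's rule that 16 hops means unreachable), and a link-state Dijkstra computation over the complete map. Both run over the same constructed topology; the router names and link costs are made up, and a 17-router chain shows the 15-hop limit in effect.

```python
import heapq

RIP_INFINITY = 16  # RIP counts hops; 15 is the maximum, 16 means unreachable


def build_graph(links):
    """Adjacency map from a list of (router_a, router_b, cost) links (constructed input)."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def distance_vector(links, max_rounds=50):
    """Bellman-Ford style: each router only sees the vectors its neighbours advertise.

    Returns table[router][destination] = (distance, next_hop); an unreachable
    destination stays at (RIP_INFINITY, None).
    """
    graph = build_graph(links)
    nodes = sorted(graph)
    table = {r: {d: (0, r) if d == r else (RIP_INFINITY, None) for d in nodes} for r in nodes}
    for _ in range(max_rounds):
        changed = False
        for r in nodes:
            for nbr, link_cost in graph[r].items():
                # the neighbour's advertised vector, as a RIP router would hear it
                for dest, (nbr_dist, _) in table[nbr].items():
                    cand = min(nbr_dist + link_cost, RIP_INFINITY)
                    if cand < table[r][dest][0]:
                        table[r][dest] = (cand, nbr)
                        changed = True
        if not changed:  # converged: no vector changed in a full round
            break
    return table


def link_state(links, source):
    """Dijkstra over the complete map every link-state router holds (OSPF/IS-IS style).

    Returns (dist, prev): shortest-path cost per destination and the predecessor map.
    """
    graph = build_graph(links)
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def next_hop(prev, source, dest):
    """Walk the predecessor map back from dest to find the first hop out of source."""
    if dest == source:
        return source
    hop = dest
    while prev.get(hop) != source:
        hop = prev[hop]
    return hop


# Constructed topology: the direct A-C link is expensive, so the best path A->C goes via B.
LINKS = [("A", "B", 1), ("B", "C", 1), ("A", "C", 5), ("C", "D", 1)]

# Constructed chain of 17 routers: 16 hops end to end, beyond what RIP can express.
CHAIN = [("n%d" % i, "n%d" % (i + 1), 1) for i in range(16)]

if __name__ == "__main__":
    dv = distance_vector(LINKS)
    dist, prev = link_state(LINKS, "A")
    for dest in "BCD":
        print(dest, "DV:", dv["A"][dest], "LS:", (dist[dest], next_hop(prev, "A", dest)))
    print("RIP view of n0 -> n16:", distance_vector(CHAIN)["n0"]["n16"])
```

On the small topology both methods agree (A reaches D at cost 3 via B); on the chain, the link-state computation reports n16 at distance 16 while the distance-vector table leaves it unreachable, which is the 15-hop ceiling the notes mention.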

# EGP (exterior gateway protocol)

  • used to transmit routes between autonomous systems
  • Path Vector Routing Protocols:
    • do not determine if paths are loop-free based on distance but rather on path itself
    • BGP (border gateway protocol): main internet protocol, requires connections between neighbours/peers, no auto discovery
    • BGP uses port 179, updates every 60s

# route selection

  • prefix length: the route with the longest matching prefix is preferred e.g. 10.1.1.0/26 would be preferred to 10.1.1.0/22
  • administrative distance: number assigned to routing protocols e.g. Cisco OSPF has an AD of 110. Lowest AD is preferred
  • metric value: routing protocol route selection metric e.g. EIGRP uses bandwidth and delay by default

# routing commands

  • ip addr: IP address management, replaces deprecated ifconfig
  • ip link: network device config, replaces deprecated ifconfig
  • ip neigh: neighbour table management, replaces deprecated arp
  • ip rule: routing policy management
  • ip route: route table management, replaces deprecated route
  • ping: send an ICMP echo request to elicit an echo reply
  • traceroute: tracks the route packets take to reach a destination

# ICMP (internet control message protocol)

Error reporting protocol used to send control messages to a packet's source in the event of delivery issues. ICMP is a companion protocol to IP.

# common ICMP messages

  • echo reply and request (0 and 8)
  • destination unreachable (3)
  • redirect (5)
  • router advertisement and solicitation (9 and 10)
  • time exceeded (11)
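An added example (not from the original notes) that builds and parses ICMP messages using the type numbers listed above, including the RFC 792 one's-complement checksum that covers the whole message. The ICMP_TYPES table, the echo identifier/sequence values and the redirect gateway address are constructed for the demonstration.

```python
import struct
import ipaddress

# Type numbers as listed above; names are for display only.
ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 5: "redirect", 8: "echo request",
    9: "router advertisement", 10: "router solicitation", 11: "time exceeded",
}
ICMP_HEADER = "!BBHI"  # type, code, checksum, rest-of-header (meaning depends on type)


def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # odd length is padded with a zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int = 0, rest: int = 0, payload: bytes = b"") -> bytes:
    """Serialise an ICMP message; the checksum is computed with its own field zeroed."""
    body = struct.pack(ICMP_HEADER, icmp_type, code, 0, rest) + payload
    csum = icmp_checksum(body)
    return struct.pack(ICMP_HEADER, icmp_type, code, csum, rest) + payload


def parse_icmp(datagram: bytes) -> dict:
    """Decode the fixed 8-byte header and verify the checksum over the whole message."""
    if len(datagram) < 8:
        raise ValueError("ICMP header is 8 bytes, got %d" % len(datagram))
    icmp_type, code, _csum, rest = struct.unpack(ICMP_HEADER, datagram[:8])
    info = {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "other (%d)" % icmp_type),
        "checksum_ok": icmp_checksum(datagram) == 0,  # an intact message sums to zero
        "payload": datagram[8:],
    }
    if icmp_type in (0, 8):   # echo: rest-of-header carries identifier and sequence number
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    elif icmp_type == 5:      # redirect: rest-of-header is the gateway to use instead
        info["gateway"] = str(ipaddress.IPv4Address(rest))
    return info


def echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """What ping sends: type 8 with an identifier/sequence pair that the reply echoes back."""
    return build_icmp(8, 0, (ident << 16) | seq, payload)
```

Checking the checksum before acting on a message is what keeps a truncated or corrupted datagram from being taken at face value; type 11 (time exceeded) is the message traceroute relies on, and type 5 (redirect) is the one whose gateway field is worth inspecting on any host that honours redirects.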

# ip forwarding

This is when a Linux host or device (e.g. a router) receives a packet that is not addressed to it and forwards (routes) it towards its destination.

# policy based routing

# access control lists (ACLs)

Compares IP packet sources against ACLs. ACLs can be time based, named, and / or require authentication (lock & key).

# RPDB (linux routing policy database)

Stores rules allowing routing decisions based on more than just the destination address.

ip rule - list configured RPDB rules
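The route tables, route selection and RPDB sections above, combined into one added example that is not part of the original notes: a Python model of several routing tables, the selection order the notes give (longest prefix, then lowest administrative distance, then lowest metric), and a rule list consulted in priority order that picks which table answers a lookup, falling through to the next rule when a table has no match. The table contents, rule priorities and addresses are constructed; OSPF's AD of 110 is the value cited above, the other AD values are Cisco's well-known defaults, and 32766 is the priority Linux gives its main-table rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Administrative distances: OSPF 110 is the value the notes cite; the others are
# Cisco's well-known defaults and are included here only for the demonstration.
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None means directly connected
    protocol: str
    metric: int = 0

    @property
    def ad(self) -> int:
        return AD[self.protocol]


class RouteTable:
    """One routing table (like main/254 or a custom table named in rt_tables)."""

    def __init__(self, name: str):
        self.name = name
        self.routes = []

    def add(self, prefix: str, next_hop: Optional[str], protocol: str, metric: int = 0) -> None:
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, protocol, metric))

    def lookup(self, dst: str) -> Optional[Route]:
        """Route selection as in the notes: longest prefix, then lowest AD, then lowest metric."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r.prefix]
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.ad, r.metric))


@dataclass
class Rule:
    priority: int
    table: str
    src: Optional[ipaddress.IPv4Network] = None  # "from" selector; None matches every source


class Rpdb:
    """Policy database: rules in priority order pick which table answers a lookup."""

    def __init__(self):
        self.rules = []
        self.tables = {}

    def add_table(self, table: RouteTable) -> None:
        self.tables[table.name] = table

    def add_rule(self, priority: int, table: str, src: Optional[str] = None) -> None:
        self.rules.append(Rule(priority, table, ipaddress.ip_network(src) if src else None))
        self.rules.sort(key=lambda r: r.priority)

    def route(self, src: str, dst: str):
        """Return (table name, route) for a packet, or None if no table has a match."""
        saddr = ipaddress.ip_address(src)
        for rule in self.rules:
            if rule.src is not None and saddr not in rule.src:
                continue
            route = self.tables[rule.table].lookup(dst)
            if route is not None:
                return rule.table, route
            # no match in this table: fall through to the next rule
        return None


def build_demo() -> Rpdb:
    """Constructed tables and rules (documentation addresses; not a real host's config)."""
    main = RouteTable("main")
    main.add("0.0.0.0/0", "192.168.1.1", "static")         # default route via the gateway
    main.add("10.1.0.0/22", "10.0.0.1", "ospf", metric=20)
    main.add("10.1.0.0/22", "10.0.0.3", "static")          # same prefix, lower AD than OSPF
    main.add("10.1.1.0/26", "10.0.0.2", "rip", metric=3)   # longer prefix, higher AD
    isp2 = RouteTable("isp2")
    isp2.add("203.0.113.0/24", "10.8.0.1", "static")
    db = Rpdb()
    db.add_table(main)
    db.add_table(isp2)
    db.add_rule(100, "isp2", src="192.168.1.0/24")   # policy: this subnet is sent via isp2 where it has a route
    db.add_rule(32766, "main")                       # the priority Linux gives its main-table rule
    return db
```

The first two lookups in the test show the selection order: 10.1.1.5 takes the RIP /26 route despite RIP's higher AD because prefix length is compared first, while 10.1.2.5 only matches the two /22 routes and the static one wins on AD. The last two show the RPDB: traffic from 192.168.1.0/24 to 203.0.113.0/24 is answered by the isp2 table, and traffic from the same subnet to anything else falls through to main.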